Archives/algo
2
0
Fork 0
mirror of https://github.com/trailofbits/algo synced 2024-11-16 12:12:55 +00:00
Code Issues Projects Releases Wiki Activity
527 Commits 5 Branches 2 Tags 10 MiB
c2ecab3f98
Commit Graph

182 Commits

Author SHA1 Message Date
Defunct
a9dd0af3fe resolves #176 + other ec2 env issues 2016-12-21 05:55:11 +00:00
Dan Guido
75194675eb closes #175 2016-12-20 20:28:13 -05:00
kennwhite
d2aa52f4e9 UX hint on profile name 
Add explicit label for Algo-generated VPNs. If the user has multiple (non-Algo) VPNs for home/office, there is typically a label other than an IP address and "IKEv2".  This can be seen, for example, on OSX on the top menu bar for networks.
 2016-12-19 15:21:02 -05:00
Jack Ivanov
33b3af540a Fix SSH keys for DigitalOcean 2016-12-19 00:19:26 +03:00
Jack Ivanov
2c9c3ccb09 Fixed #146 2016-12-17 16:36:59 +03:00
Jack Ivanov
cd5b096ab7 DO fix 2016-12-17 15:16:40 +03:00
Jack Ivanov
90cc5fa1f7 some fixes 2016-12-17 14:54:44 +03:00
Jack Ivanov
1d07200c74 generating ssh-keys #152 #151 #112 2016-12-17 14:54:44 +03:00
Jack Ivanov
abf94989fc the password for the CA private key #75 2016-12-15 13:33:29 +03:00
Jack Ivanov
8b0fe4d8f3 Block client-to-client traffic. Fixed #166 2016-12-14 21:54:14 +03:00
Jack Ivanov
ecb6b498b9 unnecessarry to use such way Fixed #162 2016-12-14 19:42:39 +03:00
Jack Ivanov
f1715c4e0b random password for the p12 certificates #135 2016-12-14 18:49:47 +03:00
Jack Ivanov
03c805cb87 reorganize the wait_for functions #159 2016-12-13 21:58:45 +03:00
Jack Ivanov
275663264a ipv6 option is available in ansible 2.2; Fixed #158 2016-12-13 21:12:51 +03:00
Jack Ivanov
37ec574d8d IP_subject_alt_name is not declared for localhost. Fixed #149 2016-12-13 20:46:27 +03:00
Jack Ivanov
517366f194 EC2 fix 2016-12-13 20:34:27 +03:00
Jack Ivanov
50e9dbfce0 draft EC2 #150 #157 2016-12-13 19:50:18 +03:00
Jack Ivanov
981809998c Merge branch 'master' of github.com:trailofbits/algo 2016-12-13 08:44:31 +03:00
kennwhite
016a8c7708 Change default instance to free tier (t2.micro) 
I know this is a bit goofy, but the t2.nano is not in the free tier for AWS even though it is smaller than the t2.micro instance. See: https://aws.amazon.com/blogs/aws/ec2-update-t2-nano-instances-now-available/ (the "PS" at the bottom), confirmed on pricing page. The difference is $4.30 per mo vs. free/$8.76  per mo. Maybe add this to config questions, but at least one reviewer has noted this as an issue for his just-setup AWS free account.
 2016-12-12 15:14:58 -05:00
Jack Ivanov
0269cafff7 DNS fix 2016-12-12 18:52:34 +03:00
Jack Ivanov
29ef4d45df Merge pull request #144 from trailofbits/ami_latest_image 
Sort by latest AMI - resolves #140
 2016-12-10 21:56:49 +03:00
Jack Ivanov
c552602724 Azure support #26 2016-12-10 21:26:08 +03:00
Defunct
27e5a4feca Sort by latest AMI - resolves #140 2016-12-09 20:45:12 +00:00
Jack Ivanov
3d53dde6ca Fixed. #137 2016-12-06 20:14:08 +03:00
Jack Ivanov
790bcb2efc Merge branch 'win10_support' #9 2016-11-30 17:00:03 +03:00
Jack Ivanov
8a0c5ab971 Windows support implemented 2016-11-29 23:00:01 +03:00
Jack Ivanov
f6166ccde4 modify ciphers #9 2016-11-29 22:14:18 +03:00
Jack Ivanov
195697a1f0 Merge pull request #131 from trailofbits/ec2updates 
EC2 Updates and fixes
 2016-11-29 18:48:31 +03:00
Jack Ivanov
ad162f55a2 here were no credentials #127 2016-11-29 18:46:58 +03:00
defunct
e40545cce5 opens #126 
This commit reverts changes in 437d659 to avoid breaking changes.
 2016-11-27 12:55:05 -05:00
Jack Ivanov
e90b58802d fix in the mobileconfig template 2016-11-27 12:44:05 +03:00
Jack Ivanov
2cb98b4516 Windows RSA support #9 2016-11-27 01:37:17 +03:00
Jack Ivanov
ede452fad4 Merge branch 'master' of github.com:trailofbits/algo 2016-11-26 23:27:25 +03:00
Jack Ivanov
c5860cbc5d Merge pull request #125 from cernekee/tag-fix. Fix #128 
Add missing playbook tags
 2016-11-26 23:24:43 +03:00
Jack Ivanov
ee95846445 mobileconfig fix 2016-11-26 23:22:12 +03:00
Defunct
d54ba6c7ce Merge branch 'master' into ec2updates 2016-11-26 18:08:14 +00:00
fkt
27ea98e7a8 Show congrats message at the end - #115 2016-11-26 18:05:06 +00:00
Defunct
437d659eb6 resolves #126 - incorrect private key usage w/o ssh-agent 2016-11-26 17:42:46 +00:00
Defunct
1dc6e1a0fa resolves #118 - AWS env keys 2016-11-26 17:39:24 +00:00
Jack Ivanov
047f68df2f Change the site in the congrats handler to whoer.net in order to clarify the message at the end of the install about testing VPN. Fix #110 2016-11-23 20:34:53 +03:00
Kevin Cernekee
433389c0ab Use /var/run/reboot-required to determine if a restart is needed 
The current check only looks to see if a new kernel was installed.
 2016-11-06 09:45:39 -08:00
Kevin Cernekee
09bbc4058c Add missing tags in common playbook 
If the common playbook is invoked with the "cloud" tag, non-cloud
tasks will be skipped.  On GCE this causes "Install tools" to be skipped,
apparmor-utils is not installed, and then the "Enforcing ipsec with
apparmor" step fails.
 2016-11-06 09:45:34 -08:00
Jack Ivanov
29de003b2d inplemented #109 2016-11-03 18:05:56 +03:00
Jack Ivanov
5383c71499 Fixed #108 2016-11-03 17:21:18 +03:00
Jack Ivanov
d052cb8e77 skip-tags added. Fixed #121 2016-10-28 21:00:11 +03:00
Jack Ivanov
76ea7f67ae extra vars added to use local DNS #110 2016-10-26 18:56:23 +03:00
Jack Ivanov
289807ead4 fix dependencies 2016-10-25 21:33:46 +03:00
Jack Ivanov
d50bd43988 Fix SSH keys permissions 2016-10-24 18:08:58 +03:00
Jack Ivanov
44bc3ead48 set AllowTcpForwarding to local 2016-10-24 17:53:08 +03:00
Dan Guido
c52350030d Merge branch 'master' into docs 2016-10-16 22:01:56 +02:00
Jack Ivanov
d93b7c200f EC2 | Add VPC group #98 and counts #59 2016-10-16 19:24:04 +03:00
Jack Ivanov
0e613f2ff7 fix a typo. #96 closed 2016-10-16 17:38:00 +03:00
Jack Ivanov
8c284a16e3 Done. #96 2016-10-16 17:36:01 +03:00
Jack Ivanov
062426e0ec client configuration templates #43 2016-10-16 15:27:05 +03:00
Dan Guido
1a3a14943c pull in changes from master 2016-10-15 19:26:28 +02:00
Jack Ivanov
fcf29534ba the proxixy filter rules disabled #93 2016-10-14 19:58:55 +03:00
Jack Ivanov
bf5d5e53ac ip6tables fixes 2016-10-14 19:05:39 +03:00
Jack Ivanov
c43ccc3898 iptables moved to the vpn role #61 2016-10-14 18:50:24 +03:00
Dan Guido
bff7c414b2 Initial commit of reorg'd docs 2016-10-13 15:27:06 +02:00
Jack Ivanov
4db428a86e Disable unneeded plugins in StrongSwan #84 2016-10-10 15:42:32 +03:00
Jack Ivanov
2cca45c967 additional tags 2016-10-10 15:32:14 +03:00
Jack Ivanov
ad9d7d6ddb disable dpdtimeout #90 2016-09-26 22:07:34 +03:00
Jack Ivanov
8e0cca6b66 some fixes 2016-09-26 15:43:19 +03:00
Jack Ivanov
dbeb7a13e8 Merge branch 'tags' #80 2016-09-19 20:22:51 +03:00
Jack Ivanov
4d731580b7 linting 2016-09-19 20:18:27 +03:00
Jack Ivanov
fc162728d3 role for local installation 2016-09-19 19:54:45 +03:00
Jack Ivanov
d9441b236a move to tags #80 2016-09-18 13:12:17 +03:00
Jack Ivanov
aa4dcc31d4 gce role to tags 2016-09-18 13:11:30 +03:00
Jack Ivanov
cf5a0f41d3 ec2 role to tags 2016-09-18 13:11:22 +03:00
Jack Ivanov
97ea00056d DO roles to tags 2016-09-18 13:11:10 +03:00
Jack Ivanov
6685642f0b #85 fixed 2016-08-31 11:42:29 +03:00
Jack Ivanov
91688324ce additional functions 2016-08-28 23:19:41 +03:00
Jack Ivanov
ddcee8db18 logging fixes 2016-08-28 23:07:45 +03:00
Jack Ivanov
97a00699b7 new tags 2016-08-28 23:04:59 +03:00
Jack Ivanov
05df4f0c04 unattended-upgrades moved to the security role 2016-08-28 22:11:39 +03:00
Evgeniy Ivanov
4284dd63aa rsyslog moved to the logging role 2016-08-28 22:06:33 +03:00
Jack Ivanov
0cd4084aa4 ssh fixes 2016-08-26 00:47:08 +03:00
Jack Ivanov
00e4bcc1ec security role and SSH fixes #77 2016-08-26 00:35:07 +03:00
Jack Ivanov
8c5f80bf8f linting 2016-08-25 23:59:16 +03:00
Jack Ivanov
57b6c96ba8 SSH fingerprints #77 2016-08-25 23:48:35 +03:00
Jack Ivanov
0945f54366 SSH user-management #77 2016-08-25 23:30:27 +03:00
Jack Ivanov
c19908c9b1 ssh fixes 2016-08-25 23:03:20 +03:00
Jack Ivanov
cf08c5ff61 fix 2016-08-25 22:20:53 +03:00
Dan Guido
27421070b9 linting 2016-08-24 09:22:04 +02:00
Dan Guido
809b62cd33 daemon_reload is an option for systemd, not service 2016-08-24 09:03:29 +02:00
Jack Ivanov
b29f1ab226 service fixed #78 2016-08-24 10:03:19 +03:00
Dan Guido
2fcc3600fd Disable features in the Match block vs main config 2016-08-23 17:03:27 -04:00
Jack Ivanov
1dcfe18055 SSH tunneling role #77 2016-08-23 16:51:06 +03:00
Jack Ivanov
19797bc020 CPU and memory limitations of the services #63 2016-08-23 16:10:42 +03:00
Evgeniy Ivanov
5ecd23c59c type 2016-08-23 09:01:07 +03:00
Evgeniy Ivanov
468d5af23d service fixes 2016-08-23 09:00:32 +03:00
Defunct
50f43dc601 revert systemd changes (2.2 only), identation normalization; 2016-08-23 02:02:57 +00:00
Evgeniy Ivanov
09c39627d9 Memory limits #63 2016-08-22 23:01:43 +03:00
Evgeniy Ivanov
c51fe5dac0 run charon as non-root user #66 2016-08-21 20:32:31 +03:00
Evgeniy Ivanov
71ad2f570e proxy prompts enabled #70 2016-08-21 19:57:52 +03:00
Evgeniy Ivanov
ba50abce8a make local ip changeable #67 2016-08-21 13:29:53 +03:00
Evgeniy Ivanov
e6090b8245 forwarding #61 2016-08-21 12:51:58 +03:00
Colin Mahns
1fbe1b63f8 HTTPS for domains that support it 
hosts-file.net and malwaredomainlist.com has optional TLS, adaway.org forces it server side
 2016-08-20 14:48:31 -04:00
Colin Mahns
6c81b86c92 Link to MVPS Hosts file directly 
http://www.mvps.org/winhelp2002/hosts.txt redirects to http://winhelp2002.mvps.org/hosts.txt automatically, saves a step
 2016-08-20 14:40:33 -04:00
Evgeniy Ivanov
53f60e33d8 random tmp names #64 2016-08-20 17:45:35 +03:00